User’s Manual of IGS-10020HPT-U
331
4.5.7 IP Source Guard
4.5.7.1 IP Source Guard Configuration
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on
the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to
spoof and use the IP address of another host. This page provides IP Source Guard related configuration. The IP Source Guard
Configuration screen in Figure 4-5-7-1 appears.
Figure 4-5-7-1: IP Source Guard Configuration Screen Page Screenshot
The page includes the following fields:
Object Description
• Mode of IP Source
Guard Configuration
Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured
ACEs will be lost when the mode is enabled.
• Port Mode
Configuration
Specify IP Source Guard is enabled on which ports. Only when both Global Mode and Port
Mode on a given port are enabled, IP Source Guard is enabled on this given port.
• Max Dynamic Clients
Specify the maximum number of dynamic clients can be learned on given ports. This value
can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic
client is equal 0, it means only allow the IP packets forwarding that are matched in static
entries on the specific port.
Buttons
: Click to translate all dynamic entries to static entries.
: Click to apply changes
: Click to undo any changes made locally and revert to previously saved values.
To Next Page
Loading...
